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CLAIMS: 

1 . A method for recovering a data repository from a failure affecting a primary copy of the 
data repository, including the steps of: 

maintaining a secondary copy of data sufficient to recover the primary copy of the data 
5 repository and data items held thereon; 

in response to a failure affecting the primary copy of the data repository, recreating a 
primary copy of the data repository from the secondary copy; and 

using a restore process to restore data items to the primary copy from the secondary copy 
within a recovery unit of work, wherein data items restored to the primary copy of the data 
10 repository within the recovery unit of work are made inaccessible to processes other than the 
restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore step 
and to enable processes other than the restore process to retrieve said independently added data 
15 items; and 

in response to successful completion of the restore step, committing the recovery unit of 
work including releasing said inaccessibility of the restored data. 

2. A method according to claim 1, wherein maintaining the secondary data copy comprises 
storing a backup copy of the data repository and storing log records describing updates to the 

20 primary copy performed since the backup copy was stored; wherein recreating the primary copy 
of the data repository includes the step of copying data repository definitions from the backup 
copy and applying the definitions to recreate the primary copy; and wherein restoring data items 
to the primary copy comprises copying data items from the backup copy and replaying the log 
records to identify and reapply updates to the primary copy. 
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3. A method according to claim 1 , wherein maintaining the secondary data copy includes 
storing log records that describe updates to the primary copy, and wherein the step of restoring 
the primary copy of the repository includes the steps of: 

replaying the log records of operations performed on data items within the primary copy 
5 of the data repository, 

caching log records relating to operations performed under syncpoint control within an 
original unit of work, 

determining from the cached log records the state of the original units of work at the time 
of the failure, and 

1 0 determining which of said syncpoint-controlled operations to perform within the recovery 

unit of work based on the determined state of the original units of work. 

4. A method according to claim 3, including performing operations within the recovery unit 
of work in accordance with the following procedure: 

if the original unit of work was committed before the failure, performing the relevant 
1 5 operations of the committed unit of work; 

if the original unit of work was in-doubt when the failure occurred, performing the 
relevant operations of the in-doubt unit of work but marking the operations in-doubt; and 

if the original unit of work is neither committed nor in-doubt, discarding the cached 
operations. 

20 5. A method according to claim 3, including discarding from the recovery unit of work any 
pairs of addition and deletion operations that comprise an addition of a data item to the primary 
copy of the data repository and a deletion of the same data item from the primary copy of the 
data repository, on condition that said addition and deletion operations were performed and 
committed before the failure. 
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6. A method according to any one of the preceding claims, wherein the data repository is a 
message repository and the step of restoring data to the primary copy of the data repository 
comprises performing message add, update and delete operations on the message repository. 

7. A method according to claim 6, for performance within a messaging communication 
5 system, wherein maintaining the secondary data copy includes storing log records to describe 

updates to the primary copy, and wherein the step of restoring data to the primary copy of the 
repository includes the steps of caching log records relating to message add, update and delete 
operations performed under syncpoint control within an original unit of work, determining from 
the log records the state of the original unit of work at the time of the failure, and determining the 
1 0 operations to perform within the recovery unit of work based on the determined state of the 
original unit of work as follows: 

if the original unit of work is committed, performing the relevant message add, update 
and delete operations; and 

if the original unit of work is in-doubt, performing the relevant message add, update and 
1 5 delete operations but marking the operations in-doubt; and 

if the original unit of work is neither committed nor in-doubt, discarding the cached 
operations. 

8. A method according to any one of the preceding claims, wherein data restored to the 
primary copy of the repository within the recovery unit of work is made inaccessible by setting a 

20 flag for each data item restored to the data repository, the flag indicating that the data item is not 
accessible. 

9. A method according to claim 8, wherein the flag indicates a transactional state of the data 
item and wherein a process for retrieving data items from the repository is adapted to identify 
one or more predefined transactional states as inaccessible. 
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10. A method according to claim 8 or claim 9, wherein the flag comprises a byte value of a 
distinctive primary key allocated to the data item when the data item is restored to the data 
repository, the byte value being selected from a range of values indicative of the transactional 
state of the data item. 

5 11. A method according to any one of claims 8 to 1 0, wherein the step of setting a flag 
comprises: 

setting a first flag for any data item for which the latest operation performed on the data 
item prior to the failure was a committed add operation which is to be restored to the data 
repository within the recovery unit of work; and 

10 setting a second flag for any data item for which the latest operation performed on the 

data item prior to the failure was an in-doubt add or delete operation which is to be restored to 
the data repository within the recovery unit of work. 

12. A method according to claim 1 1 , wherein the first flag comprises a byte value of a data 
item key selected from a first range of byte values representing a first transactional state and the 

1 5 second flag comprises a byte value of a data item key selected from a second range of byte 
values representing a second transactional state. 

13. A data communication system including: 

data storage for storing a primary copy of a data repository; 

secondary data storage for storing a secondary copy of data representing the data 
20 repository which secondary data is sufficient to recover the primary copy of the data repository 
and data held thereon; 

a recovery component for controlling the operation of the data communication system to 
recover from a failure affecting the primary copy of the data repository, wherein the recovery 
component is operable to control the data communication system to perform the steps of: 
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recreating a primary copy of the data repository from the secondary copy; and 

using a restore process to restore data items to the primary copy from the secondary copy 
within a recovery unit of work, wherein data items restored to the primary copy of the data 
repository within the recovery unit of work are made inaccessible to processes other than the 
5 restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore step 
and to enable processes other than the restore process to retrieve said independently added data 
items; and 

10 in response to successful completion of the restore step, committing the recovery unit of 

work including releasing said inaccessibility of the restored data. 

14. A data communication system according to Claim 13, comprising a data communication 
system for transferring messages between a sender and a receiver, wherein messages are held in 
the data repository following a message send operation by the sender and the messages are 
1 5 subsequently retrieved from the data repository for delivery to the receiver, and wherein a 

backup copy of the data repository is created and log records are written to record message send 
and message retrieval events since creation of the backup copy, wherein the recovery component 
is adapted to control the data communication system to perform the following steps: 

in response to a failure affecting the data repository, restoring messages to the data 
20 repository by reference to the backup copy of the data repository which backup copy was created 
prior to the failure; 

prior to completion of the recovery processing, configuring the data repository to enable 
new messages to be added to the data repository and retrieved therefrom without awaiting 
completion of the recovery processing; and 
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reapplying updates to the data repository corresponding to message send and message 
retrieval operations performed prior to the failure, by reference to log records created prior to the 
failure; 

wherein the steps of restoring messages to the data repository and reapplying updates to 
5 the data repository by reference to the backup copy and log records are performed within a 
recovery unit of work and the restored messages and reapplied updates are made inaccessible 
until all data repository updates corresponding to send and retrieve operations performed prior to 
the failure have been reapplied to the data repository. 

15. A computer program product comprising program code recorded on a recording medium 
10 for controlling the operation of a data processing apparatus on which the program code executes 
to perform a method for recovering a data repository from a failure affecting a primary copy of 
the data repository, for use with a data processing apparatus having a secondary data storage and 
having a component for maintaining a secondary copy of data in the secondary data storage 
which secondary copy is sufficient to recover the primary copy of the data repository and data 
1 5 items held thereon, the method including the steps of: 

in response to a failure affecting the primary copy of the data repository, recreating a 
primary copy of the data repository from the secondary copy; and 

using a restore process to restore data items to the primary copy from the secondary copy 
within a recovery unit of work, wherein data items restored to the primary copy of the data 
20 repository within the recovery unit of work are made inaccessible to processes other than the 
restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore step 
and to enable processes other than the restore process to retrieve said independently added data 
25 items; and 
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in response to successful completion of the restore step, committing the recovery unit of 
work including releasing said inaccessibility of the restored data. 

1 6 A computer program for controlling the operation of a data processing apparatus on 
which the program executes to perform a method for recovering a data repository from a failure 
affecting a primary copy of the data repository, wherein the data processing apparatus has a 
secondary data storage area and wherein the computer program includes a component for 
maintaining a secondary copy of data in the secondary data storage area which secondary copy is 
sufficient to recover the primary copy of the data repository and data items held thereon, the 
method including the steps of: 

in response to a failure affecting the primary copy of the data repository, recreating a 
primary copy of the data repository from the secondary copy; and 

using a restore process to restore data items to the primary copy from the secondary copy 
within a recovery unit of work, wherein data items restored to the primary copy of the data 
repository within the recovery unit of work are made inaccessible to processes other than the 
restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore step 
and to enable processes other than the restore process to access said independently added data 
items. 
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